Red Hat Satellite is a system management tool for Linux-based infrastructures. It allows for provisioning, monitoring, and the remote management of multiple Linux deployments with a single, centralized tool.
Security Fix(es):
A cross-site scripting (XSS) flaw was found in how XML data was handled in Red Hat Satellite. A user able to use the XMLRPC API could exploit this flaw to perform XSS attacks against other Satellite users. (CVE-2015-0284)
Multiple cross-site scripting (XSS) flaws were found in the way certain form data was handled in Red Hat Satellite. A user able to enter form data could use these flaws to perform XSS attacks against other Satellite users. (CVE-2016-2103, CVE-2016-3079)
Multiple cross-site scripting (XSS) flaws were found in the way HTTP GET parameter data was handled in Red Hat Satellite. A user able to provide malicious links to a Satellite user could use these flaws to perform XSS attacks against other Satellite users. (CVE-2016-2104)
Red Hat would like to thank Adam Willard (Raytheon Foreground Security) for reporting CVE-2016-2104. The CVE-2015-0284 and CVE-2016-3079 issues were discovered by Jan HutaΕ (Red Hat).
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 6 | src | spacewalk-java | <Β 2.3.8-134.el6sat | spacewalk-java-2.3.8-134.el6sat.src.rpm |
RedHat | 6 | noarch | spacewalk-java | <Β 2.3.8-134.el6sat | spacewalk-java-2.3.8-134.el6sat.noarch.rpm |
RedHat | 6 | noarch | spacewalk-java-lib | <Β 2.3.8-134.el6sat | spacewalk-java-lib-2.3.8-134.el6sat.noarch.rpm |
RedHat | 6 | noarch | spacewalk-taskomatic | <Β 2.3.8-134.el6sat | spacewalk-taskomatic-2.3.8-134.el6sat.noarch.rpm |
RedHat | 6 | noarch | spacewalk-java-postgresql | <Β 2.3.8-134.el6sat | spacewalk-java-postgresql-2.3.8-134.el6sat.noarch.rpm |
RedHat | 6 | noarch | spacewalk-java-config | <Β 2.3.8-134.el6sat | spacewalk-java-config-2.3.8-134.el6sat.noarch.rpm |
RedHat | 6 | noarch | spacewalk-java-oracle | <Β 2.3.8-134.el6sat | spacewalk-java-oracle-2.3.8-134.el6sat.noarch.rpm |